Exploits get Visual
<p>On October 31st, Microsoft released a Security Advisory entitled <a href="http://www.microsoft.com/technet/security/advisory/927709.mspx">Vulnerability in Visual Studio 2005 Could Allow Remote Code Execution</a>. At this time, a vendor supplied patch has not been released against the vulnerability. It allows a remote file to be downloaded and executed whenever a vulnerable user visits a malicious Web site. We have confirmed that it is being actively exploited in the wild.</p>
<p>To proactively detect the exploitation of this vulnerability, Symantec Security Response released <a href="http://www.symantec.com/enterprise/security_response/writeup.jsp?docid=2006-110115-5513-99"> Bloodhound.Exploit.95</a> on November 1. Since then, we have received steady number of Bloodhound.Exploit.95 submissions. The submitted files are generally .html files from malicious Web sites, which use the vulnerability to download further malware, most of which have turned out to be <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2006-042013-1813-99">Trojan.Galapoper.A</a> variants. Trojan.Galapoper.A is a Trojan that downloads and executes remote files, which are generally other malware. Other downloaded files have turned out to be general Infostealers. </p>
<p>Once again this demonstrates the need to practice safe computing until a vendor supplied patch is made available. And think twice before visiting a suspicious Web site – you may get more than you bargained for.<br />
</p>
http://www.symantec.com/enterprise/security_response/weblog/2006/11/visual_confirmation_vulnerabil.html
http://www.symantec.com/enterprise/security_response/weblog/2006/11/visual_confirmation_vulnerabil.html
Fri, 03 Nov 2006 23:40:06 -0800
Linear Mode
